Simpatico Systems Privacy Notice
What is the purpose of this notice?
This Privacy Notice (“Notice”) outlines how the Personal Information of clients, prospective clients, former clients, visitors, vendors, and other third parties we interact with (“External Individuals”) is collected, managed, and processed by Simpatico Systems. Simpatico Systems is committed to handling the Personal Information of all External Individuals appropriately and lawfully. This notice sets out the minimum requirements for ensuring that the Personal Information of External Individuals is collected, used, retained, and disclosed in a secure and compliant manner.
What other rules or notices apply?
In some cases, local laws and regulations that apply to the Processing of Personal Information may be more restrictive than this Notice. Where this is the case, the more restrictive requirements will apply. Where required by local laws, Simpatico Systems will provide you with additional privacy notices or information. In addition, this Notice may be supplemented from time to time with more specific privacy information or notices, for example when you visit a Simpatico Systems website, attend an event, or use particular Simpatico Systems apps or portals.
Contacts
Any questions, concerns, or complaints about the operation of this Notice should be addressed to Simpatico Systems Data Protection Office (see Contact Us section below). This Notice may be updated from time to time. You can find the most up-to-date version of this Notice on our website at www.simpat.co/privacy
Who is this notice directed to?
This Notice applies between you, as an External Individual, and the Simpatico Systems company that you interact or engage with or that communicates with you concerning services or solutions provided by Simpatico Systems, or the Simpatico Systems company to whom you provide or wish to provide your goods or services. If you are unsure as to which Simpatico Systems company applies to you, please Contact Us (see the Contact Us section below). This Notice applies to all External Individuals concerning your Personal Information. This Notice does not apply to Personal Information belonging to Associates (as defined below) employed or contracted by Simpatico Systems. This Notice also does not apply to Personal Information Processed by Simpatico Systems on behalf of clients as part of Simpatico Systems’s services.
What are we going to tell you in this notice?
How we collect and use your Personal Information
Why do we need to collect your Personal Information
To whom we give your Personal Information
How we monitor your activities
How long do we retain your Personal Information
How do we protect your Personal Information
Capitalized terms are defined at the end of this Notice, in the Definitions section.
How we collect and use your Personal Information
Simpatico Systems will only collect Personal Information relating to External Individuals to the extent that it is required for a particular purpose or purposes, in the context of its business. Read about the purposes in the next section “Why we need to collect your Personal Information”.
Simpatico Systems may collect or Process, and has collected or Processed in the preceding year, any or all of the following types of Personal Information about External Individuals as part of its business activities:
Personal Information Category | Examples of Personal Information we may collect within each category include: |
Identity information | Title, full name, photograph, gender, date of birth. |
Contact details | Employer details, job title, work address, phone number(s) and email address(es), emergency contact details and number, and social media handles. |
Personal details | Languages and information that External Individual volunteers in their course of dealings with Simpatico Systems, such as through networking events (which could involve the disclosure of data about religion to facilitate prayer room access, ethnicity, or sexual orientation). |
Marketing information | Contact history, interactions and communications with Simpatico Systems, events attended, Simpatico Systems information and materials (e.g., whitepapers) provided, contact preferences. |
Health information | Meal preferences, food allergies, and access requirements for physically challenged. |
Relationship management information |
Communication and meeting dates, education and qualifications, references, professional experience, membership of professional bodies, information about complaints, and feedback. |
Data related to the use of and access to facilities and corporate assets |
Time and location of entry and exit to premises, access to restricted zones, and security camera footage data related to access to and usage of office equipment and corporate assets including fixed and mobile phones, computer systems, email and the intranet/internet, location identifiers, multifunctional devices, cost recovery systems, document management systems, car service pick up and drop off logs, contact management systems, and online databases. |
Background screening information | Criminal history, political exposure. |
We receive Personal Information about you directly from you via our websites and portals, at events you attend, and when we contact you via post, email, or phone and through your usage of Simpatico Systems systems (such as client and vendor onboarding processes and internally developed applications). We may also receive Personal Information about you from other sources such as business networks and agencies, publicly available sources such as LinkedIn, media outlets, referrals, from the company that employs you, our past clients, and where we purchase marketing lists.
Personal Information of others provided by you. In certain situations, including visiting our offices, you may provide us with the Personal Information of others (e.g., your colleagues). It is your responsibility to inform the nominated individual about the Processing of their Personal Information for the described purposes and to confirm if required by law, that they have given their permission.
Why do we need to collect your Personal Information?
Purposes
Simpatico Systems uses External Individuals’ Personal Information for a variety of purposes. The most common uses of Personal Information are:
- Managing client requests, projects, and bidding for work;
- Marketing activities and market research;
- Managing vendor relationships and invoicing and determining the eligibility of vendors including verification of references and qualifications and other background checks;
- Managing client relationships;
- Investigating complaints and issues;
- Organizing meetings and networking events;
- Business continuity management;
- Security and compliance with the law, including health and safety requirements; and
- Developing resource plans to meet business demands.
To comply with legal and regulatory obligations and to the extent permitted or required by local law, and specifically to ensure that we can comply with applicable trade control, anti-money laundering, and/or anti-bribery and corruption laws, we may carry out background screening checks on current and prospective clients, vendors and business partners, both pre and post contract. In addition to screening individuals and legal entities with whom we enter contracts, this screening may cover individuals such as directors, officers, sole traders, shareholders, and other key stakeholders. The screening utilizes publicly available information, including government-issued sanctions lists and media sources. The information obtained through background screening may include Personal Information regarding suspected or actual criminal behavior, criminal records or proceedings, and unlawful behavior.
An extensive list of the purposes for which we may collect your Personal Information is set out in the table below. Where Simpatico Systems wishes to use Personal Information for a new purpose that has not been notified to the External Individual, where required by law, Simpatico Systems will notify the External Individual of the new purpose.
Legal Basis for Processing
Simpatico Systems will Process Personal Information relating to External Individuals where it is required by law, necessary for the performance or administration of a contract, or where it has a legitimate business interest in doing so. Simpatico Systems will Process Sensitive Personal Information where it is necessary for carrying out a legal obligation or exercising specific rights of Simpatico Systems permitted by local law. Simpatico Systems will obtain your consent to Process your Personal Information where it is required to do so by local law, and where required, for any new or additional purpose. Under local law, to the extent that Processing is based on consent, External Individuals may be entitled to withdraw consent to the Processing of their Personal Information. External Individuals who wish to withdraw consent should follow the instructions received at the time of providing consent or contact us (see the Contact Us section below).
The primary legal basis of Processing is set out in the table below.
Purpose of Use | Legal Reason for Processing |
For vendor and client relationship management | |
Managing requests from clients including Simpatico Systems’ bids for work, conducting such work, invoicing clients, and investigating complaints and other issues. | • Necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business). |
Managing vendor and business partner relationships and determining the eligibility of vendors and others including verification of references and qualifications and other background screening checks. |
• Necessary for compliance with Simpatico Systems’ legal obligations as a business entity. • Necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business). • Consent |
For compliance with legislation and policies | |
Managing, monitoring, and investigating compliance with all relevant legal, regulatory, and administrative obligations and responsibilities, whether in the jurisdiction where you are based or elsewhere. |
• Necessary for Simpatico Systems’ legal obligations as a business entity. • Necessary for Simpatico Systems’ legitimate interest in monitoring compliance with regulatory obligations. |
Monitoring and investigating compliance with Simpatico Systems policies. | • Necessary for Simpatico Systems’ legitimate interests to ensure compliance with our policies. |
For organizing and maintaining our business structure | |
Development of central databases concerning the Personal Information of all External Individuals, including databases used by subsidiaries or branch offices for client and vendor management. | • Necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business). |
Business development | • Depending on the situation, either with the consent of the data subject, or where necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business). |
For Security & Business Continuity | |
Management of access controls and usage of buildings and facilities (including CCTV and parking lots). | • Necessary for Simpatico Systems’ legitimate interests (to comply with its responsibilities to run a safe, secure, and efficient business). |
Management of access to and usage of office equipment and resources including but not limited to telephones, mobile phones, laptops and portable devices, multifunctional devices, and more generally the computer network and applications. | • Necessary for Simpatico Systems’ legitimate interests (to protect Simpatico Systems’ finances and help prevent fraud). |
Maintaining the security of Simpatico Systems’ and its client’s networks and information and intellectual property. | • Necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business). |
Detecting, preventing, or otherwise addressing security, fraud, or technical issues. | • Necessary for Simpatico Systems’ legitimate interests (to run a successful and efficient business and help prevent fraud). |
To whom we give your Personal Information
Disclosure to third parties. Simpatico Systems may also share your Personal Information:
- With clients and potential clients in the course of business and business development;
- With suppliers, subcontractors, and service providers, to maintain an efficient and commercially viable business, including caterers and security contractors if you visit Simpatico Systems’ premises;
- With professional advisers and consultants;
- With legal advisors and external auditors for legal advice and to conduct business audits;
- With credit reference agencies and background verification agencies, to conduct credit checks and background verification and reference checks;
- With service providers for business continuity management and contingency planning in the event of business disruptions; and
- With prospective sellers or buyers and their advisers if Simpatico Systems merges, acquires, or sells any business or assets.
The third parties with whom we share your Personal Information may in some instances independently determine the purposes and uses of your Personal Information (e.g., legal advisers and external auditors); in such cases, the recipient’s privacy policy will govern their use of your Personal Information.
Disclosure without notification. There may be circumstances where Simpatico Systems discloses Personal Information to third parties without notifying External Individuals. These circumstances could include:
- Where the information is publicly available;
- Where Simpatico Systems is required to do so by law or by order of a court or tribunal, or where Simpatico Systems has a good faith belief that such disclosure is reasonably necessary to comply with a legal obligation, process, or request;
- Where it is alleged by a law enforcement authority that an External Individual is guilty of a criminal offense, or is civilly liable in legal action, Simpatico Systems has a good faith belief that any disclosure is necessary to comply with a legal process or request.
- Where Simpatico Systems is legally required to or has a good faith belief that such disclosure is reasonably necessary to protect the rights, property, or safety of Simpatico Systems, its employees, contractors, job applicants, vendors, clients, customers of clients, third parties or the public as required and permitted by law.
In the preceding year, we have not sold your Personal Information or shared it with a third party for cross-context behavioral advertising.
How we monitor your activities
Where permitted by local law, Simpatico Systems may monitor the activities of External Individuals at Simpatico Systems or client facilities using CCTV. Where required, signage will indicate which areas are subject to such monitoring. Recorded images are destroyed following our retention policy unless they are required for criminal or other investigations (including circumstances where we are required to provide such information to clients for their investigations).
In addition to the above and where permitted by local law, Simpatico Systems may monitor its company assets, including computers, telephones, fax machines, voice mail systems, etc., and its networks, including intranet/internet access, email, applications, etc., and the activities of External Individuals while accessing or using such office equipment or networks as set out in our Acceptable Use Policy. If you have further questions, please contact us (see the Contact Us section below).
How long we retain your Personal Information
Simpatico Systems will retain Personal Information for as long as necessary for fulfilling the purpose or purposes for which it was collected. This generally means that Personal Information will be deleted at the latest 6 years after collection unless longer retention is required for other valid reasons such as compliance with legal obligations, resolving disputes, or enforcing contracts.
How we protect your Personal Information
Simpatico Systems implements appropriate security measures designed to prevent unlawful or unauthorized Processing of Personal Information and accidental loss of or damage to Personal Information. Simpatico Systems maintains written security management policies and procedures designed to prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of your Personal Information. These policies and procedures assign specific data security responsibilities and accountabilities to specific individuals, including a risk management program that includes periodic risk assessment, and provide an adequate framework of controls that safeguard your Personal Information.
What are your rights?
Certain Simpatico Systems systems may allow External Individuals to check and update certain Personal Information. Where applicable, it is the responsibility of all External Individuals to ensure that their Personal Information is kept up-to-date. Where permitted under applicable laws, External Individuals have the right to access their Personal Information, including to know the specific pieces of Personal Information that we collect, use, and disclose, to verify and challenge the accuracy and completeness of their Personal Information and have it corrected, amended or deleted if inaccurate and, in limited circumstances, object to Processing of their Personal Information or ask for Processing to be restricted. Simpatico Systems may require External Individuals to provide reasons or evidence to justify the amendment of Personal Information held by Simpatico Systems. In addition, where applicable, External Individuals can ask for their data to be moved to another controller or be provided in a portable format. Where Simpatico Systems is Processing Personal Information based on consent, External Individuals can withdraw that consent at any time. However, please note that if you withdraw your consent, you might not be able to use services or features that require the collection or use of such Personal Information. External Individuals can exercise these rights by contacting us per the Contact Us section below. External Individuals can also unsubscribe from marketing sent by Simpatico Systems at any time by following the instructions received in the relevant marketing communication. We will not discriminate against you for exercising these rights.
We respond to all requests we receive from External Individuals wishing to exercise their data protection rights following applicable data protection laws. Complying with all or part of your request may be denied or limited by Simpatico Systems if it would violate another person’s rights and/or as otherwise permitted by applicable law.
Before responding to a request, we reserve the right to verify and authenticate your identity and the information that your request relates to. Simpatico Systems may ask for your: (a) First, Middle (if available), and Last Name; (b) Physical Address; (c) Month/Year of Birth; (d) Valid Email Address; and (e) Valid Telephone Number.
Authorized agents will be required to submit a written authorization document that includes your name, address, telephone number, and valid email address, signed and dated by you, appointing the individual as your authorized agent, to act on your behalf. Simpatico Systems may also request you verify your own identity with Simpatico Systems and confirm that you have provided the authorized agent permission to submit the request. For the safety and security of your information, requests submitted to Simpatico Systems by an authorized agent will require a direct method of communication, preferably a valid email address, with you, to fulfill the request. We may deny a request from an authorized agent who does not submit sufficient proof to act on your behalf.
If an archival copy of your Personal Information is required to be retained by applicable law after receiving a request for deletion or closure of your account, we will follow the statutory term for such retention.
Contact Us
Any questions, concerns, or complaints about the operation of this Notice should be addressed to Simpatico Systems’s Data Protection Office at privacy@simpat.co.
If you wish to access the Personal Information we hold about you or exercise any of your other legal rights in respect of your Personal Information, please contact privacy@simpat.co In addition to contacting us, in certain countries, you have the right to file a complaint with your local data protection authority if you so choose.
Note Simpatico Systems may update this Notice from time to time. Any such updates will be effective from the date on which they are notified to External Individuals or posted on the Simpatico Systems website at www.simpat.co/privacy. External Individuals should check this Notice from time to time and take notice of any changes made.
Definitions
- “Associate” means any current, past, and prospective employees, individual contractors, or other members of the personnel of Simpatico Systems.
- “Simpatico Systems” means Simpatico Systems, LLC, a limited liability company incorporated in Texas, United States with a registered address at 8101 Viola Ave, Lubbock, TX 79424 USA.
- “Personal Information” is defined under applicable law but may include any information or combination of information, in any form or medium that can identify an External Individual. Examples include name, email address, physical address, phone number, date of birth, age, home address, personal preferences, behavioral information, government-issued IDs, IP address, hardware identifiers, etc.
- “Sensitive Personal Information” means Personal Information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Examples of Sensitive Personal Information in various jurisdictions may include social security numbers, driver’s license numbers, passwords, passports, tax IDs, financial account and credit card numbers, health information (including Protected Health Information (PHI), biometric identifiers, racial or ethnic origin, and information about political opinions, religious beliefs, trade union membership, criminal history, sexual orientation or blood group, as well as any other information deemed sensitive under applicable data protection laws.
- “Process/Processed/Processing” means any operation or set of operations which is performed on Personal Information or sets of Personal Information, whether or not by automated means, such as collecting, recording, storing, deleting, viewing, accessing, amending, using or disclosing the Personal Information.
- Note, where we have used words such as “include,” “including,” “for example,” or “such as” in this Notice, these are meant to be examples and not exhaustive lists.